Saudi Arabia Personal Data Protection Law.
Saudi Arabia's PDPL establishes data protection requirements aligned with international standards, governing the processing of personal data within Saudi Arabia. It requires consent, data localization considerations, and breach notification.
Maximum penalty
SAR 5M (~$1.3M)
Source: PDPL Royal Decree 2021
Key requirements
Consent for data processing
Data minimization and purpose limitation
Cross-border transfer restrictions
Breach notification to SDAIA
+2 more requirements in the complete guide.
Get the full SA PDPL compliance guide →Enforcement examples
Enforcement from September 2024
One-year grace period ended September 2024
-
2024
How Tessera automates SA PDPL compliance
PDPL consent management
SDAIA notification workflow
Cross-border transfer compliance
Data localization monitoring
SA PDPL compliance checklist
Essential steps to achieve and maintain SA PDPL compliance.
Implement consent management
Conduct Privacy Impact Assessments
Establish breach notification to SDAIA
+2 more steps in the full checklist.
Get your complete SA PDPL compliance checklist - free →Industries affected
Calculate your SA PDPL exposure.
See exactly how SA PDPL penalties apply to your revenue and industry profile.